Slowing down forum trolls and cowards

[seckle]

As the forum just crossed the 2 million posts milestone a few days ago, I thought this might be an interesting way to eliminate a problem. In a nutshell, this would end the party for all those cowards/babies/shitstirrers that don't have the balls to say things under their own names. This would be a fairly easy modification to the software, but it does have some privacy implications. For those that don't have any idea what this means....essentially right now, everytime you post a thread or make a comment to a thread, anywhere on this site, your internet IP (whether the comment be made using a blackberry/droid/iphone/mac/pc or whatever) is recorded with a timestamp on the server. Right now this IP information is only available to admins, and moderators, and is kept completely private. No regular members have access to this info, and obviously non-members wouldn't at all. This change would give the option to registered members to search IP's, for a specific comment or thread, and see if theres a link with older screenames or posts on the forum, thus tying together a set of names or a group of names all posting from a certain IP.

Everyone is really tired of the endless babytalk and bullshitting. Its time that people own up to their comments, and this change won't be a perfect solution, but it will be a deterrent for kids wishing to take the piss out of DJ X or producer Y for no other reason than pure attention seeking.

AGAIN, This is just a poll to see the general public feeling about this, so don't blow a circuit about your privacy being invaded. Nothing is to be changed as a result of this poll. This is just to test the waters, and try and bring back some semblance of ownership to public statements. Cheers.

[deadly_habit]

why not just name and shame? revealing ip addresses can lead to all sorts of implications and problems
hell there's also proxies, dynamic vs static etc
plus it'd be just asking for more spam bots, and malware, viruii and exploits just made easier

[deadly_habit]

just for my own personal amusement tell me if this post has the same ip info and i'm just trying a simple web based proxy

[Skriptah]

I agree. If people were able to see our IP's, there would be way more problems, and way more viruses directed towards people. If the admins can actually see the IP's that is enough, I just dont think they would care to bother over banning all the IP's of trolls.

[djake]

no thanks.

[seckle]

why not just name and shame? revealing ip addresses can lead to all sorts of implications and problems
hell there's also proxies, dynamic vs static etc
plus it'd be just asking for more spam bots, and malware, viruii and exploits just made easier

it wouldn't create spam, bots or malware, as the "search ip" mod available for this forum's software right now, uses visual captcha. the 1st captcha would eliminate any bots, and it could be even set to run a 2nd captcha sequence to make sure it was being used by a human being and not some script program.
http://www.captcha.net/

[deadly_habit]

why not just name and shame? revealing ip addresses can lead to all sorts of implications and problems
hell there's also proxies, dynamic vs static etc
plus it'd be just asking for more spam bots, and malware, viruii and exploits just made easier

it wouldn't create spam, bots or malware, as the "search ip" mod available for this forum's software right now, uses visual captcha. the 1st captcha would eliminate any bots, and it could be even set to run a 2nd captcha sequence to make sure it was being used by a human being and not some bot.

captchas definitely are far from bot proof (though why you guys got rid of the one for registration is beyond me)
posting up people's ip information dynamic or static is just bad business in general

here's a hypothetical situation:
someone pisses me off for whatever reason. quickly look up their ip, run a portscan and search out exploits, or ddos attack and many other possibilities
while the argument can be presented that your average user isn't going to have this knowledge, it only takes a few, but anyone with a high speed connection and google can quickly become a script kiddie without having to know the specifics

[seckle]

right now, the main problem on this site is that the people trolling and aliasing, month after month, don't have anything to lose. to them its all one big laugh, whereas, a producer or dj that's spent 5-10 years building a reputation and professional business, has to endure constant bullshit of the highest order.

this isn't going to stop trolling, but its going to give those people posting crap, purely for their own motivations or private agendas, a moment of pause.

[deadly_habit]

like i said why not just start a sticky and name and shame rather than create a security hole?
hell can you post the ips for the spambots too, some of those fuckers are getting into the double digits post wise

[seckle]

like i said why not just start a sticky and name and shame rather than create a security hole?

its an option, but it also means a lot of spare time spent, that moderators or admins don't have.

plus, this idea of naming and shaming solves nothing. by making this a member's option, you make people think twice before submitting a comment or thread as they would be accountable, and thats much more effective. 2 birds with 1 stone.

[heymanman]

omg terrorists on the forum..
*end all privacy now*

[deadly_habit]

well honestly with the advertising exploit viruses, spambots running abound and embeds that are just waiting to be exploited do you think it's worth adding another vulnerability just so people with the mentality of 12 year olds (hopefully) learn some personal accountability? hate to say it, but trolls are gonna troll, and after all it's just an internet forum.
like i said it's not the hardest thing to circumvent and i'll reiterate, is opening a new security vulnerability for the forum and it's users, which a number of as you may recall got infected from the advertising exploit from not having basic internet security software.
i could probably argue this till i'm blue in the face, just want to point out the glaringly obvious problems with it from a security standpoint.

[seckle]

glaringly obvious problems with it from a security standpoint.

as if internet forums were supposed to be a bank vault of security? lol
we're not americanexpress! not only that, there's dozens and dozens of times that your IP information gets recorded on the internet, with much less privacy control than this forum change would be making. everytime you log into your email on yahoo,gmail,hotmail or whatever, your IP is being sent. if you do this on a phone, that IP info goes straight up into the air, so trying to make some massive security breach argument is a storm in a teacup compared to all the other internet activity done by the average person.

[deadly_habit]

yea, but why make it easy for the script kiddies and spam, virus, malware, etc botnets?
for example i could pull your ip info if i really wanted to using a simple 1x1 pixel image and a webserver which keeps logs of who accessed that file, toss it in my sig then pm the targeted user some innocuous question and just play a waiting game.
there is a reason why people use proxies and dynamic ip addressing as a means of tracking someone is kind of a joke as well since all that it takes is a hard reset of the users cable modem and poof new ip address from the service provider
in the pursuit to teach those trolls a virtual lesson/scolding you'll essentially be exposing people with static ips, little to know tech/net knowledge, outdated software that can be exploited, or no protection at all to a potential pandora's box of problems.
like you said your ip addy floats around with all your web interactions, so does your phone number when you call people, but it doesn't mean people want their number listed in a phone book for the public to see.

[lidsjunky]

no.. ip leads to ddos

[Phigure]

yea, but why make it easy for the script kiddies and spam, virus, malware, etc botnets?
for example i could pull your ip info if i really wanted to using a simple 1x1 pixel image and a webserver which keeps logs of who accessed that file, toss it in my sig then pm the targeted user some innocuous question and just play a waiting game.
there is a reason why people use proxies and dynamic ip addressing as a means of tracking someone is kind of a joke as well since all that it takes is a hard reset of the users cable modem and poof new ip address from the service provider
in the pursuit to teach those trolls a virtual lesson/scolding you'll essentially be exposing people with static ips, little to know tech/net knowledge, outdated software that can be exploited, or no protection at all to a potential pandora's box of problems.
like you said your ip addy floats around with all your web interactions, so does your phone number when you call people, but it doesn't mean people want their number listed in a phone book for the public to see.

fucking amen.

it's completely unnecessary and superfluous. why not just the aforementioned "name and shame" thread?

[fractal]

Good idea from a community forum standpoint, bad idea IT-wise. I'm sure y'all would let us know if you do it, as we'll need to make the proper security preperations for any unforeseen attacks. I think deadly's idea of a sticky of naming and shaming and banning certain ip addresses is the more logical thing to do. This means if you over-troll, you lose your privacy. As for Mods not having time, y'all need to find some mods that do have time. I'm on the comp all day for work/school. Half of the mods on here rarely, if ever post these days. 2 million posts means its time for a second generation of mods who have both time and concern for this place

Imho

[seckle]

yea, but why make it easy for the script kiddies and spam, virus, malware, etc botnets?
for example i could pull your ip info if i really wanted to using a simple 1x1 pixel image and a webserver which keeps logs of who accessed that file, toss it in my sig then pm the targeted user some innocuous question and just play a waiting game.
there is a reason why people use proxies and dynamic ip addressing as a means of tracking someone is kind of a joke as well since all that it takes is a hard reset of the users cable modem and poof new ip address from the service provider
in the pursuit to teach those trolls a virtual lesson/scolding you'll essentially be exposing people with static ips, little to know tech/net knowledge, outdated software that can be exploited, or no protection at all to a potential pandora's box of problems.
like you said your ip addy floats around with all your web interactions, so does your phone number when you call people, but it doesn't mean people want their number listed in a phone book for the public to see.

ok, now this is just silly. you're talking about things here that 97% of the people on this site either a) would never be subjected to, and b) would only really apply to the amateur professional hacking community...which is definitely not wasting their time trying to attack dubstepforum membership en masse... over something as simple as an IP. they've got much bigger targets and wouldn't waste their time. you made your point but now its nearly laughable! besides, it could set it to only reveal half an IP range...ex : "***.*33.255.456"....not the full range numbers, but enough to make a match between a real account and a problem account, should there be one.

[deadly_habit]

Total posts 2006752 Total members 56934
make the ip addresses searchable even if only to registered users (which honestly is so hard to do)
harvest those ip addresses with a script
lets say 1% of the users (not taking into account duplicate accounts) are static ip addresses
that's 569 potential targets standing still
lets say 1% of that have a security exploit found via automated methods
that's 57 computers
57 computers worth of personal info or added to a botnet is very valuable
what's so laughable about that?
any large forum is a target, it's naive to say omg like hackers would be bothered with dubsteppers.

[seckle]

I'm sure y'all would let us know if you do it, as we'll need to make the proper security preperations for any unforeseen attacks.

NOTHING is being changed. NOTHING. Rest assured. This is only a poll, to see if there's enough people that think it would help with the trolling, and general discussion level on this site. Some of these brand new alias accounts created only to start problems, needs to be sorted one way or another.

naming and shaming, in some sort of published list...is NOT a solution.